URL Filtering Profile Actions
The URL Filtering profile specifies web access and credential submission permissions for each URL category. By default, site access for all URL categories is set to allow when you Create a new URL Filtering profile. This means that the users will be able to browse to all sites freely and the traffic will not be logged. You can customize the URL Filtering profile with custom Site Access settings for each category, or use the predefined default URL filtering profile on the firewall to allow access to all URL categories except the following threat-prone categories, which it blocks: abused-drugs, adult, gambling, hacking, malware, phishing, questionable, and weapons.
For each URL category, select the User Credential Submissions to allow or disallow users from submitting valid corporate credentials to a URL in that category in order to Prevent Credential Phishing. Managing the sites to which users can submit credentials requires User-ID and you must first Set Up Credential Phishing Prevention. URL categories with the Site Access set to block are automatically set to also block user credential submissions.
Learn more about configuring a best practice URL Filtering profile to ensure protection against URLs that have been observed hosting malware or exploitive content.
The website is allowed and a log entry is generated in the URL filtering log.
Set alert as the Action for categories of traffic you don’t block to log and provide visibility into the traffic.
The website is allowed and no log entry is generated.
Don’t set allow as the Action for categories of traffic you don’t block because you lose visibility into traffic you don’t log. Instead, set alert as the Action for categories of traffic you don’t block to log and provide visibility into the traffic.
The website is blocked and the user will see a response page and will not be able to continue to the website. A log entry is generated in the URL filtering log.
Blocking site access for a URL category also sets User Credential Submissions for that URL category to block.
The user will be prompted with a response page indicating that the site has been blocked due to company policy, but the user is prompted with the option to continue to the website. The continue action is typically used for categories that are considered benign and is used to improve the user experience by giving them the option to continue if they feel the site is incorrectly categorized. The response page message can be customized to contain details specific to your company. A log entry is generated in the URL filtering log.
The Continue page doesn’t display properly on client systems configured to use a proxy server.
The user will see a response page indicating that a password is required to allow access to websites in the given category. With this option, the security admin or helpdesk person would provide a password granting temporary access to all websites in the given category. A log entry is generated in the URL filtering log. See Allow Password Access to Certain Sites.
The Override page doesn’t display properly on client systems configured to use a proxy server.
The none action only applies to custom URL categories. Select none to ensure that if multiple URL profiles exist, the custom category will not have any impact on other profiles. For example, if you have two URL profiles and the custom URL category is set to block in one profile, if you do not want the block action to apply to the other profile, you must set the action to none.
Also, in order to delete a custom URL category, it must be set to none in any profile where it is used.
User Credential Permissions
Allow users to submit corporate credentials to sites in this URL category, but generate a URL Filtering alert log each time this occurs.
Allow users to submit corporate credentials to websites in this URL category.
Block users from submitting corporate credentials to websites in this category. A default anti-phishing response page is displayed to users when they access sites to which corporate credential submissions are blocked. You can choose to create a custom block page to display.
Display a response page to users that prompts them to select Continue to access to access the site. By default, the Anti Phishing Continue Page is shown to user when they access sites to which credential submissions are discouraged. You can also choose to create a custom response page to display—for example, if you want to warn users against phishing attempts or reusing their credentials on other websites.
Prevent Credential Phishing
Prevent Credential Phishing Phishing sites are sites that attackers disguise as legitimate websites with the aim to steal user information, especially the credentials that provide ...
URL Filtering Categories
URL Filtering Categories Select Objects Security Profiles URL Filtering Categories to control access to websites based on URL categories. Categories Settings Description Category Displays the ...
URL Categories PAN-DB classifies websites based on site content, features, and safety. A URL can have up to four categories, including risk categories (high, medium, ...
Configure URL Filtering
Configure URL Filtering After you Determine URL Filtering Policy Requirements , you should have a basic understanding of what types of websites and website categories ...
URL Filtering Response Pages
URL Filtering Response Pages The firewall provides three predefined response pages that display by default when a user attempts to browse to a site in ...
Set Up Credential Phishing Prevention
Set Up Credential Phishing Prevention After you have decided which of the Methods to Check for Corporate Credential Submissions you want to use, take the ...
New Security-Focused URL Categories
Use the new security-focused URL categories to implement simple security and decryption policies based on website safety, without requiring you to research and individually assess ...
User Credential Detection
User Credential Detection Select Objects Security Profiles URL Filtering User Credential Detection to enable the firewall to detect when users submit corporate credentials. Configure user ...
Custom URL Categories
Custom URL Categories You can create a custom URL Filtering object to specify exceptions to URL category enforcement, and to create a custom URL category ...